This is the last post this blog sees; professional content will continue to be posted on the Tag1 Consulting blog, personal ramblings will disappear. I already asked for this blog to removed. I would like to say in closing: the future of Drupal blog post was not meant to be a critique of Acquia who puts several people full time on Drupal core and contributes more money on top.

I have cared a lot, even too much about designing secure APIs for Drupal. To create a software which made it easy to write secure custom code and hard to write insecure. I placed this in front of other concerns including developer and user experience. Sounds nice, isn't it? But in truth, I was trying to tend a garden in the nuclear winter. By and large the Internet is so insecure that making it slightly easier to write more secure code is a trifling concern. It is enough that Drupal is not a house of cards of security wise and indeed it is not. Let other concerns win over security in API design. I was wrong. And I am out.

I got these gems from a person at Acquia. I followed up with someone supposedly higher up in the chain but never got an answer. Needless to say I was just an expert helping [redacted] and not someone who makes the decisions for them:

Karoly,

Our colleagues have previously spoken regarding [redacted] web properties. I’m reaching out to introduce myself and see if it would make sense to discuss your web plans for 2015.

Here's something I learned from Wim Leers: the static keyword has a bad rep in PHP but that's because static variables can be problematic. static methods, especially protected static methods on the other hand are useful to indicate and enforce a method not changing the state of the object.

Migrate is horribly broken! Migrate works awesome! Both are true. (Yes!) So Keith Dechant reported migrating a live Drupal 7 site to Drupal 8. Melissa Anderson is migrating a Drupal 6 site and gets mostly bugs. How is this possible? Well, Keith was coding his way around bugs, not just using what core provided (this should be obvious since we do not yet provide Drupal 7 sources in core) and Melissa had a site builder approach to it.

Today I needed to add autocomplete to a field that could contain comma separated usernames and obviously the requirements included autocomplete. I thought this problem must be solved already in the ecosystem and sure, Views has it already. So I have added '#autocomplete_path' => 'admin/views/ajax/autocomplete/user', '#element_validate' => array('my_module_usernames_validate') and then

Now that we have a fairly good idea how Drupal 8 and data looks let's discuss what can MongoDB provide and why would you want to run it. In Drupal 8, every kind of data can be stored independently. I fully expect that people will indeed mix storages. For example, D8 by default runs a config query on every page to find the blocks to be displayed for the current theme. Again, by default, config entities are stored as serialized PHP arrays so the only way a query like that can run is to load every single block entity from the database and iterate over them.

This was our first critical office hours. webflo have forward ported a Views SA (turned out that Twig autoescape made short work of the security hole -- yay! so now it's just a test) and even past the office hours followed up with a patch that now passes. I will monitor the issue further and make sure it gets reviewed and committed.

You will often find the less you are allowed to do with a computer the more user friendly it seems. This is hardly a coincidence. You need to make your decisions on how much inconvenience you are willing to take in exchange for your freedom in computing. The first and most important step is to make these decisions deliberate. Perhaps after the keynote this necessity is clear.